In April 2016, the European Ombudsman launched an investigation into the European Commission’s failure to disclose information of the “EU Internet Forum”. The EU Internet Forum brings together US internet companies (Microsoft, Facebook, Twitter, Google), government officials, and law enforcement agencies to discuss how to reduce the accessibility of undefined “terrorist material” and badly defined “hate speech” online (as defined by 28 different national laws that are not even properly implemented in some countries).

It is certainly important to address and prosecute illegal online activity. However, it is worrying that the Commission proposes yet again an initiative to encourage internet companies to take “voluntary” actions in response to a very diverse range of possibly illegal or unwanted online activity. As shown through numerous examples around the globe, voluntary measures by online service providers often come with collateral damage and have a negative impact on the freedom of expression.

In 2015, EDRi requested access to documents related to the EU Internet Forum. As a result, we only received heavily redacted documents that revealed nothing but an apparent disregard for the fundamental rights of European citizens. In February 2016, we filed the complaint to the Ombudsman in which we argued that the Commission wrongly refused full access to two documents.

According to rules on access to documents, the EU Commission can refuse access and make use of certain exceptions, for instance, for the protection of public security. In its response to EDRi, the EU Commission made use of this exception and argued that by making documents and details of the initiatives public “would allow them [terrorist groups] to circumvent counter-terrorism measures”.

The fact that the Commission uses the term “circumvention” in the context of reducing online accessibility of undefined “terrorist material”, demonstrates that the restriction of communications was the object of discussions with industry representatives The Commission identified the circumvention as a risk to the restriction on the freedom of communication of the initiative. This means that there is a restriction on the freedom of expression and this, in turn, means that a legal basis is required, as detailed to Article 52 of the Charter of Fundamental Rights of the European Union. In a letter to the Ombudsman of 29 November 2016, EDRi responded therefore that the EU Commission is obliged to make at least the underlying legal basis or reasoning public. The Commission has previously used the rather tenuous argument that, if it or Member States persuade companies to implement measures without a law, then this is “voluntary” and therefore the Commission and the Member States are no longer bound by the primary law of the European Union.

Secondly, the Commission claimed that releasing the documents would undermine public security in a foreseeable and not purely hypothetical manner. To prove the real nature of the threat, the Commission quoted two press articles which report on threats to CEOs of US-based IT companies.

In our response, we argued that in the absence of a confirmation by law enforcement, press reports and claims by industry representatives in the media are insufficient proof of the reality of the threat. Furthermore, we found it clearly implausible to argue that revealing additional details regarding the scope of the initiative would lead to a new threat for the industry representatives.

The EU Internet Forum will meet again on 8 December 2016. In the absence of transparent procedures, we will continue to communicate on potential threats to our rights and freedoms.